Java Trust Store

Please note that we've decided to move our support portal to help.savignano.net to further improve the services for our customers.

The updated version of this page can be found at https://help.savignano.net/snotify-email-encryption/java-trust-store


This page explains how to add certificates to the Java trust store. 

Purpose

You may have to work with certificates that are not in the default trust store. For example, companies often use their own private certificate authority (CA) issuing root certificates that are not included in the default installations.

In that case, these certificates need to be added to the Java trust store of the Jira or Confluence instance.

How to

Certificates can be added to the Java trust store using the keytool utility that comes with Java.

For example, to add a certificate named myRootCert.pem, use:

$JAVA_HOME/bin/keytool -importcert -trustcacerts -cacerts -file myRootCert.pem -alias myRootCert

Notes:

  • The password requested to update the Java truststore is changeit by default.

  • Before Java 9, there was no -cacerts option. Instead, you must provide the location of the cacerts keystore using the -keystore option. The cacerts keystore should be located at either $JAVA_HOME/jre/lib/security/cacerts or $JAVA_HOME/lib/security/cacerts.

  • If you need to run the import unattended, append -storepass changeit -noprompt to the above command.

After having added the certificate to the truststore, restart Jira or Confluence.

Beware!


If the keytool command displays  

Certificate was added to keystore

the certificate may still not have been added. Check the output for error messages such as

keytool error: java.io.FileNotFoundException: [...] (Permission denied)
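
One way to make this check mechanical, as an added example (not part of the original page or the vendor's tooling): the script captures keytool's output, treats any "keytool error:" line as a failure even when the success message is present, and then confirms the alias with keytool -list. It assumes Java 9 or later (-cacerts) and the default password changeit; the function names import_output_ok and import_and_verify are hypothetical.

```shell
#!/bin/sh
# Added example: import a CA certificate and verify that it really landed
# in the Java trust store. Assumes Java 9+ (-cacerts option).

KEYTOOL="${JAVA_HOME:+$JAVA_HOME/bin/}keytool"   # falls back to keytool on PATH
STOREPASS="${STOREPASS:-changeit}"               # default password per the notes above

# Return 0 only if the captured keytool output reports success AND contains
# no "keytool error:" line (both can appear in the same run).
import_output_ok() {
    case "$1" in
        *"keytool error:"*) return 1 ;;
    esac
    case "$1" in
        *"Certificate was added to keystore"*) return 0 ;;
    esac
    return 1
}

# Usage: import_and_verify <cert-file> <alias>
import_and_verify() {
    cert="$1"; alias_name="$2"

    # Print the SHA-256 fingerprint so it can be compared with the value
    # published by your CA; fails if the file is not a readable certificate.
    "$KEYTOOL" -printcert -file "$cert" | grep -i 'SHA256:' || return 1

    # Capture stdout and stderr together so error lines are not missed.
    out=$("$KEYTOOL" -importcert -trustcacerts -cacerts -file "$cert" \
          -alias "$alias_name" -storepass "$STOREPASS" -noprompt 2>&1)
    printf '%s\n' "$out"
    import_output_ok "$out" || { echo "import failed" >&2; return 1; }

    # Independent confirmation: the alias must now be listed in cacerts.
    "$KEYTOOL" -list -cacerts -alias "$alias_name" -storepass "$STOREPASS" \
        || { echo "alias not found after import" >&2; return 1; }
}

# Run only when called with exactly two arguments, e.g.:
#   sh import-ca.sh myRootCert.pem myRootCert
if [ "$#" -eq 2 ]; then
    import_and_verify "$1" "$2"
fi
```

Run it as the same user that owns the Java installation, or with sufficient privileges to write the cacerts file, then restart Jira or Confluence.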

The S/Notify Email Encryption apps are brought to you by savignano software solutions, a small yet savvy IT solutions company in Germany.